it-as
/
patbef-iOS
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
patbef-iOS/Befund/Core/Models/Response/EncryptedResponse.swift

105 lines
4.7 KiB
Swift
Raw Normal View History

Code import
2024-01-29 16:20:42 +01:00
//
// EncryptedResponse.swift
// Befund
//
// Created by Irakli Abetschkhrischwili on 15.05.22.
// Copyright © 2022 MVZ Dr. Stein und Kollegen. All rights reserved.
import Foundation
import CryptoKit
extension Core.Models.Response
{
public class EncryptedResponse : Encodable, Decodable
{
public var descriptor: String!
public var encrypted_content: String? = nil
public var hmac: String? = nil
public func Decrypt(key: CryptoKit.SymmetricKey) -> Any?
{
var result: Any? = nil
do
{
self.descriptor = Core.Security.AES.Decrypt(value: self.descriptor, deriveKey: key)
if(self.descriptor != nil && self.encrypted_content != nil)
{
self.encrypted_content = Core.Security.AES.Decrypt(value: self.encrypted_content!, deriveKey: key)
if(self.encrypted_content != nil)
{
let data : Data? = self.encrypted_content!.data(using: .utf8)
if(data != nil)
{
let decoder = JSONDecoder()
if(self.descriptor.lowercased() == "success")
{
result = try decoder.decode(Core.Models.Response.Success.self, from: data!)
}
else if(self.descriptor!.lowercased() == "responseexception")
{
result = try decoder.decode(Core.Models.Response.Exception.self, from: data!)
}
else if(self.descriptor!.lowercased() == "list<status>")
{
result = try decoder.decode([Core.Models.Database.Status].self, from: data!)
}
else if(self.descriptor!.lowercased() == "download")
{
result = try decoder.decode(Core.Models.Response.Download.self, from: data!)
}
else if(self.descriptor!.lowercased() == "pin")
{
result = try decoder.decode(Core.Models.Response.PIN.self, from: data!)
}
}
}
}
}
catch
{
Core.Log.Error(err: error, namespace: "Core.Models.Response.EncryptedResponse", method: "Decrypt(SymmetricKey)")
}
return result;
}
/**
* Validates the encrypted request by HMAC and Ed25519
*
* @param deriveKey - shared derive key, that should be used for the HMAC Authentification
* @param clientSignature - client signature, that should be verified
* @param clientSignatureKey - client public signature key, that was used in client signature
* @return returns true if request is valid
*/
public func ValidSignature(deriveKey: SymmetricKey, clientSignature: String, clientSignatureKey: String) -> Bool
{
if(self.encrypted_content != nil && !self.encrypted_content!.isEmpty)
{
return
// Validate over HMAC
(self.hmac != nil && !self.hmac!.isEmpty &&
Core.Security.SHA512.isValidAuthenticationCode(hmac: self.hmac!, message: self.encrypted_content!.data(using: .utf8)!, key: deriveKey) &&
//Validate over Ed25519
Core.Security.Curve25519.CheckValid(signature: Core.Security.Base64.FromBase64String(base64: clientSignature)!, message: self.encrypted_content!.data(using: .utf8)!, publicKey: Core.Security.Base64.FromBase64String(base64: clientSignatureKey)!))
}
else
{
return
// Validate over HMAC
(self.hmac != nil && !self.hmac!.isEmpty &&
Core.Security.SHA512.isValidAuthenticationCode(hmac: self.hmac!, message: self.descriptor.data(using: .utf8)!, key: deriveKey) &&
//Validate over Ed25519
Core.Security.Curve25519.CheckValid(signature: Core.Security.Base64.FromBase64String(base64: clientSignature)!, message: self.descriptor.data(using: .utf8)!, publicKey: Core.Security.Base64.FromBase64String(base64: clientSignatureKey)!))
}
}
}
}